Gain essential knowledge and keep your NetScaler environment in top form
This book is aimed at NetScaler administrators who have a basic understanding of the product but are looking for deeper exposure and guidance in identifying and fixing issues to keep their application environment performing optimally.
NetScaler is a high performance Application Delivery Controller (ADC). Making the most of it requires knowledge that straddles the application and networking worlds.
As an ADC owner you will also likely be the first person to be solicited when your business applications fail. You will need to be quick in identifying if the problem is with the application, the server, the network, or NetScaler itself.
This book provides you with the vital troubleshooting knowledge needed to act fast when issues happen. It gives you a thorough understanding of the NetScaler layout, how it integrates with the network, and what issues to expect when working with the traffic management, authentication, NetScaler Gateway and application firewall features. We will also look at what information to seek out in the logs, how to use tracing, and explore utilities that exist on NetScaler to help you find the root cause of your issues.
This helpful guide to troubleshooting NetScaler is delivered in a comprehensive and easy-to-follow manner. The topics in the book adopt a step-by-step approach.
Number of pages: 288
Year of publication: 2016
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2016
Production reference: 1270416
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78217-535-3
www.packtpub.com
Author
Raghu Varma Tirumalaraju
Reviewers
Naval Khanna
Anton van Pelt
Dennis van Remortel
Travis Scotto
Neil Spellings
Craig Tolley
Acquisition Editor
Reshma Raman
Content Development Editor
Riddhi Tuljapurkar
Technical Editor
Mohita Vyas
Copy Editor
Merilyn Pereira
Project Coordinator
Sanchita Mandal
Proofreader
Safis Editing
Indexer
Mariammal Chettiyar
Graphics
Disha Haria
Jason Monterio
Abhinash Sahu
Production Coordinator
Arvindkumar Gupta
Cover Work
Arvindkumar Gupta
The statements made and opinions expressed herein belong exclusively to the author and reviewers of this publication, and are not shared by or represent the viewpoint of Citrix Systems®, Inc. This publication does not constitute an endorsement of any product, service, or point of view. Citrix® makes no representations, warranties or assurances of any kind, express or implied, as to the completeness, accuracy, reliability, suitability, availability, or currency of the content contained in this publication or any material related to this publication. Any reliance you place on such content is strictly at your own risk. In no event shall Citrix®, its agents, officers, employees, licensees, or affiliates be liable for any damages whatsoever (including, without limitation, damages for loss of profits, business information, or loss of information) arising out of the information or statements contained in the publication, even if Citrix® has been advised of the possibility of such loss or damages.
Citrix®, XenApp®, XenDesktop®, CloudBridge™, StoreFront™, and NetScaler Gateway™ are trademarks of Citrix Systems®, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Some of the images in the chapters are taken from the Citrix® website and documentation.
Raghu Varma Tirumalaraju has been in the networking industry for around 10 years, with a good part of this time at Citrix working with NetScaler in various support roles. As someone who thoroughly enjoys packet analysis, he finds that NetScaler lends itself perfectly to troubleshooting if you just know where to look, and he would like to share some of the techniques he's picked up over the years.
Writing a book for the first time is a daunting experience regardless of the subject. I would like to thank the solid team at Packt Publishing—Riddhi Tuljapurkar for managing to keep us moving forward with endless patience as I struggled for time on several occasions and her thorough inputs on presentation, Shaon Basu for his initial guidance and encouragement, and Mohita Vyas for ensuring that the book is at the standard it should be. I would also like to thank the reviewers especially Craig Tolley, Anton Van Pelt, Dennis Van Remortel, Travis Scotto, and Neil Spellings, whose insightful inputs have helped turn this book from its original amateurish form into something (hopefully!) much more readable.
Being given the opportunity to write a book while being employed is also a matter of trust. I would like to thank my current and previous managers, Bal Garcha and Nicholas Ibourk, for their support and for resisting the worry that working on a book could impact the quality of my work.
Finally, as I learnt, a book doesn't get written in a day. I would like to thank my wife, Fanny, for understanding my ambitions and being willing to forgo our countless weekends and a fair share of evenings that we could have done something else with, and our families for their support during this time.
Naval Khanna is a diligent and seasoned trainer as well as an experienced Network Security professional. He has more than 10 years of experience in the industry and is mainly focused on niche skills such as data center technologies, virtualization, cloud computing, and application delivery controller environments. He has been providing training online, as well as classroom sessions to individuals and corporates and has successfully trained more than 500 IT personnel.
He has been associated with organizations such as F5, Oracle, Citrix, Cisco, and Microsoft. He has also worked on various projects implementing and designing large data centers. Currently, he is working with the education/training organizations Networkers Zone and Bitzone technologies (http://www.bitzonetechnologies.com/, http://www.bitzoneindia.com/, and http://networkerszone.com/).
He has most of the industry-leading certifications, such as CCIE.
I would like to thank my family and my brother for supporting me in taking out time for this accomplishment and my dear friends who all cooperated with their valuable inputs.
Anton van Pelt is an enterprise mobility consultant with over 10 years of Citrix experience. Anton's focus is primarily on Enterprise Mobility solutions such as Citrix XenMobile, ShareFile, and NetScaler. He has a broad knowledge in complex IT environments.
Anton is active in presenting his technical knowledge throughout the community (Citrix IRC channel, Citrix Support Forums, NetScaler KB, and so on) and as a speaker at various international conferences. He is also the co-author of Enterprise Mobility Management Smackdown, PQR and User Environment Management Smackdown, PQR.
Anton has been awarded the Citrix CTP (Citrix Technology Professional) and RSVP (RES Software Valued Professional) titles.
You can contact Anton at [email protected], follow his Twitter handle at @AntonvanPelt, or follow his blog at https://www.antonvanpelt.com/.
Dennis van Remortel is a senior consultant at ilionx. ilionx is an ICT service provider which aims to make your organization more successful using its services and solutions.
In this position, Dennis is responsible for designing and implementing both cloud and on-premise infrastructures. Furthermore, he has 14 years' experience with Lotus Notes/Domino. He is a Certified NetScaler Administrator and has been working with NetScaler for the past 8 years.
He previously reviewed Lotus Quickr 8.5 for Domino Administration.
Travis Scotto has been involved in the tech industry since he was 14. He began his career as a part-time web guru for a small local company and has improved ever since. He now works as a system administrator specializing in Citrix technologies and virtualization as a whole. Over the years, he has worked on multiple versions of Citrix XenApp, XenServer, Provisioning Services, and NetScaler. He has worked on large and small Citrix deployments, some as large as 2500+ concurrent daily users. He has been involved in the architecting and maintenance of these systems as well. His NetScaler experience started with version 9.3 and continues through version 11. He has used NetScalers for access gateway, load balancing, and various other clever uses of the product. It is one of his favorite technologies to work on. Currently, he works in the healthcare technology field, but in the past he has also worked on state government management systems. He also holds a small part-time position as an e-mail marketing designer. He earned his bachelor's degree in Information Technology at Central Pennsylvania College and is currently pursuing his master's degree in Information Technology at Johns Hopkins University. This is his first book and he looks forward to writing and reviewing many more in the future.
I would like to thank all my employers and colleagues for giving me the opportunities and experience to learn these technologies, so I can better apply them to business needs and help others learn about them. I would also like to thank my family for being supportive of me as I worked on this book.
Neil Spellings is an independent virtualization and cloud infrastructure consultant who has worked with Citrix products since the early days of Winframe and Metaframe and was instrumental in the initial deployments of server-based computing technologies into a number of large financial institutions in the UK and Europe.
Neil is a Citrix Certified Expert – Virtualization and is certified across numerous other Citrix and Microsoft products to give a balanced view of the virtualization marketplace. He is a recognized SME by Citrix Education having contributed questions to numerous XenApp 6, 6.5 CCA, CCAA and CCEE exams, and has also helped write the recent XenDesktop 7 Design exam.
Neil is an active member of the Citrix community in the UK, traveling around Europe to both present at and attend E2E/PubForum events and Citrix Synergy. He is one of the founding members of the UK Citrix User group and remains on the steering group. Neil blogs at http://neil.spellings.net and frequently shares his opinions on Twitter via @neilspellings.
Neil was awarded Citrix Technology Professional (CTP) status in 2013 for his contributions to the community.
Neil is a STEM Ambassador and runs a CodeClub in a local primary school with the ambition to inspire and encourage children to take up a career in ICT and learn to code.
Neil lives in Surrey, England, with his wife, Ina, and a 7-year-old daughter, Zoë.
Craig Tolley is a senior systems engineer at the University of Cambridge with over 10 years' experience designing and managing IT in various educational environments. He is currently designing and implementing solutions using Citrix products to provide secure segregated environments for handling sensitive research data. Alongside this he is implementing configuration management and automation at the University's Clinical School. Craig remains happy to turn his hand to any IT related challenge and is proud to support local charities in providing bespoke IT solutions.
When he is not sitting behind a computer, he can be found listening to music, in his workshop perfecting his carpentry skills, or hill walking with his wife Alex and their beloved dog Bubbles.
This book is dedicated to the NetScaler Community and the army of NetScaler Developers, Testers, Support Engineers and Product Managers, many of whom I have had the chance to work with and learn a lot of interesting things from.
Chapter 1, NetScaler Concepts at a Glance, provides a short review of NetScaler background concepts. NetScaler runs as a User Process on top of FreeBSD and therefore its layout will unsurprisingly be familiar to Unix and Linux Administrators. However, some folders are of particular importance to NetScaler and the chapter reviews these folders. We will also look at the different types of IP addresses that NetScaler administrators need to be aware of, as well as how the various modes offered impact NetScaler behavior.
Chapter 2, Traffic Management Features, explains the concept of Traffic Management, which is the umbrella term used to describe the traffic handling features of NetScaler. These are load balancing, SSL Offloading, Content Switching, and GSLB. In this chapter, we will look at how to troubleshoot uneven distribution when using load balancing. There are also several options here that need to be considered when they are enabled. We discuss these considerations before looking at some useful counters that help understand how NetScaler is load balancing requests in greater detail and finish the section with a step-by-step approach to troubleshoot page load failures when using load balancing. We then look at SSL Offloading, which adds security on top of normal load balancing. We look at the SSL Handshake and Certificate related failures when implementing SSL offloading and also how to decrypt an SSL trace so you can see the requests in clear text, which is something you will be doing very often when troubleshooting SSL issues. We conclude this section with some SSL Best Practices. We continue on to Content Switching to discuss how to resolve some of the common errors seen with this feature. Finally, we look at troubleshooting GSLB failures using counters, nslookup, and nsmap.
Chapter 3, Integrated Caching and Compression, explains Caching and Compression which are HTTP standards-based optimization features. They help conserve bandwidth and help pages load faster in the process.
In this chapter, we discuss Caching-related terminology and how the policy evaluation process happens. This knowledge is key to troubleshooting as it helps determine whether an object should or shouldn't have been cached. We then look at caching best practices before focusing on troubleshooting. We also look at a number of Wireshark examples to highlight the necessary details.
We then look at Compression starting with some guidance on which kind of content should and shouldn't be compressed before looking at how Compression works at a header level. We then conclude the chapter by looking at troubleshooting for Compression.
Chapter 4, AAA for Traffic Management, covers AAA for Traffic Management, which adds AAA (Authentication, Authorization, and Accounting) to otherwise unauthenticated traffic, and does so using encryption so that the exchange is also secure. In this chapter, we focus on the various protocols that NetScaler supports for authentication, and there are a few of them. Using Wireshark, we will examine the LDAP, RADIUS, Client Certificate, Form Based, Kerberos, and SAML authentication mechanisms in good detail. The last two of these protocols have been gaining importance recently in the NetScaler world. Each of these protocols also has its own set of troubleshooting techniques, which we look at in tandem.
Chapter 5, High Availability and Networking Issues, explains NetScaler High availability, which is how nearly all NetScaler deployments are currently done. We look at how heartbeats work and the conditions that cause a failover, how to identify them going back in time and how to remedy them.
In the second half of this chapter, we look at how NetScaler handles packets at the NIC level. This serves to explain why NetScaler has picked up or dropped a packet. We then differentiate between normal and error conditions based on interface outputs before focusing on the wider Networking-related issues that are often seen in NetScaler deployments and discuss how to troubleshoot them.
Chapter 6, Application Firewall, describes Application Firewall as a firewall for web applications. Rather than focusing on TCP connection state and connection rules, Application Firewalls use input validation at layer 7. This input validation is in part set up by the Administrator based on an understanding of the security risks associated with the application, for example, potentially risky SQL commands if the application is a database application. In this chapter, we cover the essential background, such as what those vulnerabilities are and how Application Firewall can protect against them. We also examine the changes that Application Firewall makes to requests to offer that protection. We then look at the logging mechanisms available on NetScaler for this feature and how to use them to identify why a request is failing.
Chapter 7, NetScaler Gateway, explains that NetScaler Gateway is the remote access feature of NetScaler. Apart from being an SSL VPN solution, which works with and without a Client, it is also the preferred way to extend XenApp, XenDesktop, and XenMobile access across the Internet.
In this chapter, we use Wireshark to examine how each of the capabilities, such as VPN, XenApp, XenDesktop, and XenMobile integration, works. This will provide you with good baseline information that you can use as a comparison during troubleshooting. We then discuss the common issues in each of these areas and how to troubleshoot them using the logs available on NetScaler, Wireshark, and helpful error codes where available.
Chapter 8, System Level Issues, discusses the issues that can impact the NetScaler system as a whole. These range from features being unavailable and software bugs such as crashes and hangs, through performance issues such as CPU and memory, to hardware issues.
We conclude the chapter with a brief discussion of the various types of builds available for the NetScaler, which will hopefully help you when it comes to deciding on a build for your next upgrade or deployment.
Chapter 9, Troubleshooting Tools, introduces the tools available on NetScaler to aid with troubleshooting. While the information covered here is also laced throughout the book in examples, a quick read of this chapter upfront will prove very useful as it covers all of this information in one place. We cover tools such as tracing and nsconmsg available on NetScaler itself along with external tools. We also discuss some points to consider when troubleshooting the Command Center and Insight Center tools themselves.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, User input, and Twitter handles are shown as follows: "Go to the page at https://<XenMobile_Server_IP>:4443/support.html."
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on XenMobile and you will find a Test Connectivity button in the top right-hand corner."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
The first chapter in this book naturally is a review of concepts that are key to the rest of the book. In this chapter, we will look at:
The NetScaler code runs on top of FreeBSD as a userspace process, so it pays to understand the underlying file system structure.
A question that comes up often, given the system is based on FreeBSD, is, "Is the system automatically vulnerable to any FreeBSD security issues that (as with any software systems) are reported by advisories?" The answer is, it depends; the NetScaler is a hardened appliance with several of its modules customized to reduce a potential security impact. For a definitive answer, you will need to contact Citrix Support, who would then work with a Security Response team for a validated response.
While the base layout will be familiar to anyone familiar with UNIX-based systems, the files that we would look at when troubleshooting are custom to the NetScaler.
Start by using df. This is also a great way to see how you are doing in terms of disk space:
The command df stands for disk free, a Unix command that shows disk usage statistics. By using the -ah option, we are asking for all mounted file systems to be displayed in a human-readable format, with percentages, for easy comprehension.
Let's take a look at the two important ones here for troubleshooting: /flash and /var.
/flash, as you've probably guessed, maps directly to the Flash drive/SSD installed in the NetScaler. This is the most important partition on the NetScaler as it contains the operating system along with the configuration, license, and essentially everything needed to boot the NetScaler.
/var, which is the largest partition and corresponds to the hard disk on the NetScaler, contains logs, crashes, traces, and other items that have to do with the maintenance and monitoring of the NetScaler.
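A disk-space check over the two partitions singled out above, as an added example that is not from the book. The df listing is constructed sample data, the 80% default threshold is an assumption, and the parser assumes the usual `df -k` layout in which capacity is the second-to-last column and the mount point is the last.

```shell
#!/bin/sh
# Added example: flag /flash and /var when they run low on space.
# check_partitions reads `df -k` style output on stdin, so it works on a
# saved copy of the output as well as live: df -k | check_partitions 80

check_partitions() {
    limit="${1:-80}"    # percent-used threshold (assumed default)
    awk -v limit="$limit" '
        BEGIN { bad = 0 }
        NR == 1 { next }                      # skip the header row
        {
            mount = $NF                       # mount point is the last column
            if (mount != "/flash" && mount != "/var") next
            seen[mount] = 1
            pct = $(NF - 1); sub(/%$/, "", pct)
            if (pct + 0 >= limit + 0) {
                printf "WARN %s at %d%% (limit %d%%)\n", mount, pct, limit
                bad = 1
            } else {
                printf "OK   %s at %d%%\n", mount, pct
            }
        }
        END {
            # A partition missing from the listing is itself worth a warning.
            if (!("/flash" in seen)) { print "WARN /flash not mounted"; bad = 1 }
            if (!("/var" in seen))   { print "WARN /var not mounted";   bad = 1 }
            exit bad
        }'
}

# Constructed sample listing (not captured from a real appliance).
sample_df() {
    cat <<'EOF'
Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/md0       430670   410000    12056    97%    /
devfs               1        1        0   100%    /dev
procfs              4        4        0   100%    /proc
/dev/ad0s1a   1638414   245760  1261582    16%    /flash
/dev/ad0s1e  14449712 12300000   993736    93%    /var
EOF
}

# Demo run on the sample; the exit status is non-zero when anything is flagged.
sample_df | check_partitions 80 || true
```

The pseudo file systems that the -a option lists always show 100% and are skipped, so only the two partitions that matter for troubleshooting can raise a warning.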
In the case of a VPX, which is a virtual appliance with no physical drives, these folders become references to virtual partitions on the drive. Let's have a brief look at the important subfolders among these.
/flash contains the following folders:
A copy of these backups is sent to the /var/ns_sys_backup/ folder.
Monitors provided as Perl files are used when creating a monitor of the type USER. Going by the list in the following screenshot, you can guess that these are usually monitors that provide application knowledge beyond basic port or protocol response checks. In newer versions, the home for these files is /netscaler/monitors/; it's when you upload any with modifications that they are stored in /nsconfig/monitors.
/var/log contains text-based logs. Let's look at some of the important ones:
A very handy way to examine this file is to run tail -f while you reproduce the issue. You might also find it useful to demarcate the entries (I use a series of hyphens) before you begin reproducing the issue, so that you can spot what you are looking for with a bit more ease.
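The demarcation technique described above, as an added example that is not from the book. The function names are hypothetical, the log path is passed in as a parameter, and the log lines in the demo are constructed.

```shell
#!/bin/sh
# Added example: isolate the log entries written while an issue is reproduced.

RULE='------------------------------------------------------------'

# Record where the log currently ends (byte offset) before reproducing.
log_mark() {
    wc -c < "$1" | tr -d ' '
}

# Print a row of hyphens, then only what was appended after the mark.
# If the file is now smaller than the mark, it was rotated or truncated
# in the meantime, so everything in it is new and is printed in full.
log_since() {
    logfile="$1"
    start="$2"
    size=$(wc -c < "$logfile" | tr -d ' ')
    if [ "$size" -lt "$start" ]; then
        start=0
    fi
    printf '%s\n' "$RULE"
    tail -c +"$((start + 1))" "$logfile"
}

# Live variant of the same idea: hyphens first, then only new entries,
# because `tail -n 0 -f` starts at the current end of the file.
log_follow() {
    printf '%s\n' "$RULE"
    tail -n 0 -f "$1"
}

# Demo on a temporary file with constructed entries.
demo() {
    log=$(mktemp)
    printf '%s\n' 'Apr 27 10:00:01 ns entry from before the test (constructed)' > "$log"
    mark=$(log_mark "$log")
    printf '%s\n' 'Apr 27 10:00:09 ns entry written during the repro (constructed)' >> "$log"
    log_since "$log" "$mark"
    rm -f "$log"
}

demo
```

Saving the mark before the reproduction and calling log_since afterwards gives the same view as watching tail -f live, and the result can be attached to a support case without the older entries.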
